package csc.fresher.finalgroupfour.controller;

import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

import csc.fresher.finalgroupfour.domain.Customer;
import csc.fresher.finalgroupfour.service.BankService;

@Controller
public class LoginController {
	@Autowired
	private BankService bankService;
	int count = 0;

	public BankService getBankService() {
		return bankService;
	}

	@Autowired
	public void setBankService(BankService bankService) {
		this.bankService = bankService;
	}

	@RequestMapping(value = "/login", method = RequestMethod.GET)
	public String welcome(Model model) {
		model.addAttribute("Customer", new Customer());
		return "login";
	}
	
	
	@RequestMapping(value = {"/login"}, method = RequestMethod.POST)
	public String login(HttpServletRequest request, Model model) {
		String loginId = request.getParameter("loginId");
		String password = request.getParameter("password");
		HttpSession session = request.getSession();
		session.setAttribute("user", loginId);
		
		//session.setAttribute("user", user);
		/*	Captcha captcha = Captcha.load(request, "formCaptcha");
		// check captcha
		if (session.getAttribute("isCaptchaValid") == null) {
			// validate the Captcha to check we're not dealing with a bot
			boolean isHuman = captcha.validate(request,
					request.getParameter("captchaCodeTextBox"));
			if (isHuman ){//&& bankService.checkLogin(loginId, password) == true) {
				// if (isHuman) {
				// Captcha validation passed, perform protected action
				session.setAttribute("isCaptchaValid", true);
				System.out.println("nguoi");

				System.out.println(" login ok!!!");
				User user = new User();
				List<User> UserList = bankService.listUsers();
				for (User us : UserList) {
					if (us.getLoginId().equalsIgnoreCase(loginId)) {
						user = us;
						break;
					}
				}

				session.setAttribute("userSession", loginId);
				session.setAttribute("user", user);
				// model.addAttribute
				return ("redirect:/home");

				// }
			} else {
				// Captcha validation failed, show error message
				model.addAttribute("errorMessage", "Invalid captcha");
				model.addAttribute("errorMessage", "Login fails");
				session.setAttribute("isCaptchaValid", false);
				session.removeAttribute("isCaptchaValid");
				session.setAttribute("isCaptchaValid", null);
				session.invalidate();

				// if login fails 3 times, lock acc
				if (count == 3) {
					System.out.println("lock acc");
					count = 0;
					return ("login");
				}

				count = count + 1;
				System.out.println(count);
				return ("login");
			}
		}*/
		return ("home");
	}
	//for 403 access denied page
	@RequestMapping(value = "/403")
	public String accesssDenied() {
 
	//	String model = new ModelAndView();
 
//		if (user != null) {
//			model.addObject("msg", "Hi " + user.getName() 
//			+ ", you do not have permission to access this page!");
//		} else {
//			model.addObject("msg", 
//			"You do not have permission to access this page!");
//		}
// 
		//model.setViewName("403");
		return ("403");
 
	}
}
